Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Feb 1999 19:42:13 -0800
From:      Matthew Hunt <mph@pobox.com>
To:        Greg Lehey <grog@lemis.com>
Cc:        Gregory Sutter <gsutter@pobox.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: finger
Message-ID:  <19990209194213.A89829@wopr.caltech.edu>
In-Reply-To: <19990210135059.G71962@freebie.lemis.com>; from Greg Lehey on Wed, Feb 10, 1999 at 01:50:59PM %2B1030
References:  <XFMail.990210113213.keith@apcs.com.au> <Pine.BSF.4.05.9902092011100.388-100000@nyc-ny69-14.ix.netcom.com> <19990209190356.A7841@orcrist.mediacity.com> <19990210135059.G71962@freebie.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Feb 10, 1999 at 01:50:59PM +1030, Greg Lehey wrote:

> How can you know it's a finger from root?

Check the EUID in hide() in src/usr.bin/finger/util.c; in inetd.conf,
run fingerd as nobody (which is the default).

(I don't think anybody's expecting "finger @localhost" by root to
recognize your rootfulness.)

With this change, I think everything works per Greg's wishes:

wopr:~$ whoami
mph
wopr:~$ touch .nofinger
wopr:~$ finger
No one logged on.
wopr:~$ sudo finger
Login            Name                 TTY  Idle  Login Time   Office  Phone
mph              Matthew Hunt         p1         Jan 30 14:11 03 Robi +1 626 39
mph              Matthew Hunt         p4         Jan 30 15:27 03 Robi +1 626 39
mph              Matthew Hunt         p5     23  Feb  1 20:42 03 Robi +1 626 39
wopr:~$ finger @localhost
[localhost]
No one logged on.

Index: util.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/finger/util.c,v
retrieving revision 1.5
diff -u -r1.5 util.c
--- util.c	1997/07/02 06:34:51	1.5
+++ util.c	1999/02/10 03:40:17
@@ -393,6 +393,9 @@
 {
 	char buf[MAXPATHLEN+1];
 
+	if (!geteuid())
+		return 0;
+
 	if (!pw->pw_dir)
 		return 0;
 


-- 
Matthew Hunt <mph@pobox.com> * Science rules.
http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990209194213.A89829>